Navigate

CCI-000336

CCI-000336 Definition

After system changes, verify that the impacted controls are operating as intended, meeting the security requirements for the system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to verify in an operational environment, following changes to the information system, the security functions are operating as intended. The organization must maintain an audit trail of the verification of security functions.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of the verification of security functions to ensure the organization being inspected/assessed verifies in an operational environment, following changes to the information system, the security functions are operating as intended.

Compelling Evidence

1.) Signed and dated process to verify security functions are operating as intended in an operational environment following changes to the information system 2.) Audit trail

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000336.

Control	Description
CM-4(2)	The organization, after the information system is changed, checks the security functions to verify that the functions are implemented correctly, operating as intended, and producing the desired outcome with regard to meeting the security requirements for the system.